<?php
header("Content-Type:text/html;chardset=utf-8"); 
?>
<?php
session_start();

//include 'db.inc.php';
//echo '11111111111<ul>';
$MYSQL_HOST='localhost';
$MYSQL_USER='root';
$MYSQL_PASSWORD='root';
$MYSQL_DB='CreateHouse';

$db = mysql_connect($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD) or
	die('Unable to connect. Check your connection parameters');

mysql_select_db($MYSQL_DB, $db) or die(mysql_error($db));
mysql_query(' set names utf8;', $db) or die(mysql_error($db));	

$uname = (isset($_POST['uname'])) ? trim($_POST['uname']) : '';
$password = (isset($_POST['pass'])) ? $_POST['pass'] : '';

//echo '11111111111<ul>';
if(isset($_POST['submit']))
{
	$query = 'SELECT user_id FROM site_user WHERE ' . 
		'register_mail = "' . mysql_real_escape_string($uname, $db). '" AND ' . 
		'password = MD5("' . mysql_real_escape_string($password, $db) . '")';
		
	$result = mysql_query($query, $db) or die(mysql_error($db));
	
	$resultmail = mysql_num_rows($result);
	
	$query = 'SELECT user_id FROM site_user WHERE ' . 
		'register_ulike = "' . mysql_real_escape_string($uname, $db). '" AND ' . 
		'password = MD5("' . mysql_real_escape_string($password, $db) . '")';
		
	$result = mysql_query($query, $db) or die(mysql_error($db));
	$resultulike = mysql_num_rows($result);
	//echo '4444444444444444<ul>';	
	if($resultmail > 0)
	{
		$_SESSION['uname'] = $uname;
		$_SESSION['logged'] = 1;
		header('Refresh: 5;URL=' . "http://www.baidu.com");
		
		echo '<p>You will be redirect to your original page requuest.</p>';
		echo '<p>If your browser doesn\'t redirect you properly automatically,' . 
			'<a href="http://www.pinqipin.com/">Click here</a></p>';
			
		die();
	}
	else
	{
		echo '<p><strong>You have supplied an invalid username and/or ' . 
			'password!</strong>Please <a href="./../register.html">Click here ' .
			'to register</a>if you have not done so already.</P>';
	}
	mysql_free_result($result);
} 
?>
